James wrote: Now the question is... would this also affect single-hop BGP sessions? My understanding would be no, as single-hops require TTL set to 1.
Simon Lockhart wrote: All it requires is for the TTL to be 1 (or 0, I can't remember which) when it's received. Just launch your packets with a TTL of the number of hops between you and the victim, and that's that bit sorted...
That's not the way I read it at all. The way I read it is that the TTL of the packet has to be equal to or _greater_ than 254 (or 255). Since you can't set the TTL to a value greater than 255 when sending the forged packet, it means that the spoofer sending a packet from 10 hops away will have a TTL of 245 at most, and will be discarded. As nobody has figured out how to prevent the TTL from being decremented by each of the hops on the way, it works.
Michel.
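The two readings discussed in this thread, worked through as an added example (not part of any poster's message): a receiver that expects a TTL of 1 on arrival versus a receiver that requires a minimum arrival TTL near 255. The function names are hypothetical, the model assumes every router decrements the TTL by one, and the 255 default threshold is an assumption, since the thread gives "254 (or 255)".

```python
MAX_TTL = 255  # the IPv4 TTL field is 8 bits, so no sender can start higher


def arrival_ttl(initial_ttl, routers):
    """TTL the receiver sees after `routers` forwarding hops, or None if the
    packet expires in transit."""
    ttl = initial_ttl
    for _ in range(routers):
        ttl -= 1           # each router decrements before forwarding
        if ttl <= 0:
            return None    # dropped by that router
    return ttl


def accept_ttl_one(ttl):
    """Receiver that expects the TTL to be 1 on receipt."""
    return ttl == 1


def accept_min_ttl(ttl, min_ttl=255):
    """Receiver that discards anything arriving below a minimum TTL."""
    return ttl >= min_ttl


def passing_initial_ttls(check, routers):
    """Every initial TTL a sender `routers` hops away could choose that the
    receiver's check would accept (exhaustive over the 8-bit field)."""
    passing = []
    for initial in range(1, MAX_TTL + 1):
        seen = arrival_ttl(initial, routers)
        if seen is not None and check(seen):
            passing.append(initial)
    return passing


def compare(max_routers=10):
    """Map hop distance -> (initial TTLs passing the TTL==1 check,
    initial TTLs passing the minimum-TTL check)."""
    return {n: (passing_initial_ttls(accept_ttl_one, n),
                passing_initial_ttls(accept_min_ttl, n))
            for n in range(max_routers + 1)}


if __name__ == "__main__":
    for hops, (low, high) in compare().items():
        print(f"{hops:2d} hops away: TTL==1 check passes {low}, "
              f"min-TTL check passes {high}")
```

At every distance there is an initial TTL that satisfies the arrive-with-1 check, while the minimum-TTL check has no passing value once the sender is even one router away.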